LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 02-17-2016, 12:23 AM   #1
Gregg Bell
Senior Member
 
Registered: Mar 2014
Location: Illinois
Distribution: Xubuntu
Posts: 1,992

Rep: Reputation: 175Reputation: 175
Looking for suggestions for encryption


I read the post about encrypting usb drives but I'm interested in encrypting files, folders and possibly an automatic system for encrypting files and folders as I put them into a cloud.

I found AES Crypt. (see #11) That looked okay but I (pretty non-techie here) was concerned about running the file and don't know if it works on folders.

Then there was Sophos Free Encryption tool (see #12), which looks great, but it's not on Saphos site anymore and I don't know if it works on Ubuntu and folders.

Then for the cloud stuff there's Cryptomator. (#13 at the bottom).

And granted these are just the ones I happened to notice. And I'm not totally averse to using the terminal but would much prefer a GUI.

Anyway so two questions:

#1) What's good software for encrypting files and folders?
#2) What's a good automated software program for encrypting files and folders as they're put into a cloud?

Thanks.
Attached Thumbnails
Click image for larger version

Name:	Selection_011.png
Views:	20
Size:	9.0 KB
ID:	20863   Click image for larger version

Name:	Selection_012.png
Views:	17
Size:	142.4 KB
ID:	20864   Click image for larger version

Name:	Selection_013.png
Views:	23
Size:	123.0 KB
ID:	20865  
 
Old 02-17-2016, 01:27 AM   #2
mdooligan
Member
 
Registered: Feb 2009
Location: Vancouver BC
Distribution: Mandrake10/ArchHackery/Gentoo
Posts: 179

Rep: Reputation: 22
Don't forget about being able to DEcrypt them.

The options are nearly endless. You can RAR a file with password and it's nearly impossible to crack, but then you pass around password or it gets lost.

Are you trying to keep the NSA from sniffing yer crotch? Good luck there.

Basically, what are you trying to accomplish? More info needed.

When you talk about cloud, then just use whatever BS the cloud suppliers use to make things look encrypted. That will change weekly, with paid upgrades everytime.
 
Old 02-17-2016, 07:48 AM   #3
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Rep: Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187
I don't put much faith in content-encryption nor drive-encryption ... in the end, the server or software must somehow, somewhere, possess the magic key, and they must constantly be applying it (unless the hardware does ...), which simply slows things down.

I suggest that it is most important to make it damn near impossible to get in, and then to limit what the software can do, should that software be hijacked. For instance:
  • Use OpenVPN encryption, with unique 4096-bit keys per machine connection, to cloak everything that passes "machine to machine" over the Internet. Also use it as the only way that you can even begin to gain access to it.
  • Use strong certificate-based SSH ... which can only be accessed once you've passed through the VPN.
  • Don't GRANT ALL PRIVILEGES ON anything TO anyone! Have different user-ids with permission to do things according to the "principle of least privilege." ("Bobby, howcum your web server was allowed to DROP TABLE students;?")
  • Aggressively use SQL database replication.
  • Don't rely on "passwords."
  • Use read-only mounts. The software source-code and libraries don't need to be modified; therefore, don't make them modifiable.
  • Don't trust any software package if you don't know exactly what it does and how it does it, no matter how extravagant the claims made by the vendor.
  • Don't trust technical capability and forget that "security is a process." The Enigma cipher should have been impenetrable.
 
Old 02-17-2016, 05:53 PM   #4
A.Thyssen
Member
 
Registered: May 2006
Location: Brisbane, Australia
Distribution: linux
Posts: 157

Rep: Reputation: 44
For USB or Cloud Encryption I suggest you look at EncFS
-- It will be in your linux package repository

This creates a second mount of the usb (or cloud) that is a decrypted version on the local machine. Only the local machine (not the USB or cloud) has the encryption key or sees decrypts files, and the encrypted data remains in the form of files and directories.

You can search edit and example teh decrypted filesm the data itself is not stored on disk in decrypted form!

The key difference to a encrypted RAR however is that any changes you make only changes the encrypted form of the file, whcih greatly reduces the traffic. In other words it does not have to encrypt/decrypt upload/download a large archive just for a change in a single file.

For a cloud backup you can even do a reversed encryption. That keep a local unencrypted copy, but create a mounted encrypted version for backup to the cloud.

For a basic summary (and more advanced notes I have made) see
http://www.ict.griffith.edu.au/antho...to/encfs.hints
Yes it is a plain text file.

Additional...
Actually BoxCryptor is based on a restricted (specifc setup) form of EncFS.
Cryptomator I think (not certian) is the same. They just wrapped a GUI around it.

Last edited by A.Thyssen; 02-17-2016 at 10:49 PM.
 
Old 02-17-2016, 06:09 PM   #5
A.Thyssen
Member
 
Registered: May 2006
Location: Brisbane, Australia
Distribution: linux
Posts: 157

Rep: Reputation: 44
Quote:
Originally Posted by sundialsvcs View Post
I don't put much faith in content-encryption nor drive-encryption ... in the end, the server or software must somehow, somewhere, possess the magic key, and they must constantly be applying it (unless the hardware does ...), which simply slows things down.
Really, the speed of encryption and decryption is very fast. Compression and Network is actually orders of magnitude slower!

The only part of encryption that is generally designed to be made slower is the Key derivation hashing (converting a pass-phrase into a cryptographic encryption key). They want this to take 1/2 to 1 second, to prevent brute force dictionary attacks. But it only needs to be done once on setup, so even that is not 'slow' from a normal users perspective.

Also using EncFS the files are only decrypted AS NEEDED. So the only time you would notice a problem is when say copying LOTS of files (backups?) -- I have never seen a speed problem even when grepping (searching) the decrypted mount of the archive! Even then with ENCfs you can backup (sync to another system or to cloud) the decrypted files without even decrypting them. That is not possible with a encrypted RAR, or Disk Partitioning (block level) Encryption.

In summary, Speed is not an issue.
-- Besides what do you think VPN is using which was part of your recomendations! Or even HTTPS (wecure web) whcih everyone uses.


Key in memory is also not really a problem. The user uses a pass-phrase, which is converted to a cryptographic key that is actually used for the encryption process. The Pass-phase itself is not used, nor kept in memory. This key looks like a 16 byte string of random binary numbers. So unless you are a Cryptographic Wiz (or NSA agent), finding the key in memory is VERY difficult without extremely intimate knowledge of the internals of the program.

Last edited by A.Thyssen; 02-17-2016 at 06:27 PM.
 
Old 02-17-2016, 06:59 PM   #6
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US( + travel,) Earth( I wish,) END BORDER$!◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that works well on my cheapest; has been KDE or CLI but open... http://goo.gl/NqgqJx &c ;-)
Posts: 4,274
Blog Entries: 3

Rep: Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419
+1 for password archives... I just set one with two passwords a .jar in a .zip to keep file titles inside secure.
Foil hat--> <;-D

You do mean this thread about USB?
 
Old 02-17-2016, 08:05 PM   #7
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 17,517

Rep: Reputation: 2619Reputation: 2619Reputation: 2619Reputation: 2619Reputation: 2619Reputation: 2619Reputation: 2619Reputation: 2619Reputation: 2619Reputation: 2619Reputation: 2619
Gregg Bell

it really comes down to just HOW paranoid you are / need to be

the PI. your soon to be EX hired ?
or the FBI,CIA,NSA,... will toss you in JAIL or worse !!!


for the second ?
there is not much unless you are near PERFECT in the OpSec .
 
Old 02-17-2016, 10:58 PM   #8
Gregg Bell
Senior Member
 
Registered: Mar 2014
Location: Illinois
Distribution: Xubuntu
Posts: 1,992

Original Poster
Rep: Reputation: 175Reputation: 175
Quote:
Originally Posted by mdooligan View Post
Don't forget about being able to DEcrypt them.

The options are nearly endless. You can RAR a file with password and it's nearly impossible to crack, but then you pass around password or it gets lost.

Are you trying to keep the NSA from sniffing yer crotch? Good luck there.

Basically, what are you trying to accomplish? More info needed.

When you talk about cloud, then just use whatever BS the cloud suppliers use to make things look encrypted. That will change weekly, with paid upgrades everytime.
Thanks mdooligan. I was just looking to be able to encrypt files and folders (in general). Then to store the encrypted ones in the cloud.
 
Old 02-17-2016, 11:03 PM   #9
Gregg Bell
Senior Member
 
Registered: Mar 2014
Location: Illinois
Distribution: Xubuntu
Posts: 1,992

Original Poster
Rep: Reputation: 175Reputation: 175
Quote:
Originally Posted by sundialsvcs View Post
I don't put much faith in content-encryption nor drive-encryption ... in the end, the server or software must somehow, somewhere, possess the magic key, and they must constantly be applying it (unless the hardware does ...), which simply slows things down.

I suggest that it is most important to make it damn near impossible to get in, and then to limit what the software can do, should that software be hijacked. For instance:
  • Use OpenVPN encryption, with unique 4096-bit keys per machine connection, to cloak everything that passes "machine to machine" over the Internet. Also use it as the only way that you can even begin to gain access to it.
  • Use strong certificate-based SSH ... which can only be accessed once you've passed through the VPN.
  • Don't GRANT ALL PRIVILEGES ON anything TO anyone! Have different user-ids with permission to do things according to the "principle of least privilege." ("Bobby, howcum your web server was allowed to DROP TABLE students;?")
  • Aggressively use SQL database replication.
  • Don't rely on "passwords."
  • Use read-only mounts. The software source-code and libraries don't need to be modified; therefore, don't make them modifiable.
  • Don't trust any software package if you don't know exactly what it does and how it does it, no matter how extravagant the claims made by the vendor.
  • Don't trust technical capability and forget that "security is a process." The Enigma cipher should have been impenetrable.
Thanks sundial. Lots of good information here. I don't need 'machine to machine' encryption. (I don't think anyway. LOL) Yeah, mostly after just basic encryption. (I don't have anything that sensitive.)
 
Old 02-17-2016, 11:25 PM   #10
Gregg Bell
Senior Member
 
Registered: Mar 2014
Location: Illinois
Distribution: Xubuntu
Posts: 1,992

Original Poster
Rep: Reputation: 175Reputation: 175
Quote:
Originally Posted by A.Thyssen View Post
For USB or Cloud Encryption I suggest you look at EncFS
-- It will be in your linux package repository

This creates a second mount of the usb (or cloud) that is a decrypted version on the local machine. Only the local machine (not the USB or cloud) has the encryption key or sees decrypts files, and the encrypted data remains in the form of files and directories.

You can search edit and example teh decrypted filesm the data itself is not stored on disk in decrypted form!

The key difference to a encrypted RAR however is that any changes you make only changes the encrypted form of the file, whcih greatly reduces the traffic. In other words it does not have to encrypt/decrypt upload/download a large archive just for a change in a single file.

For a cloud backup you can even do a reversed encryption. That keep a local unencrypted copy, but create a mounted encrypted version for backup to the cloud.

For a basic summary (and more advanced notes I have made) see
http://www.ict.griffith.edu.au/antho...to/encfs.hints
Yes it is a plain text file.

Additional...
Actually BoxCryptor is based on a restricted (specifc setup) form of EncFS.
Cryptomator I think (not certian) is the same. They just wrapped a GUI around it.
Thanks A.Thyssen. Hmm. I looked at that txt file. A lot of information. It looks great but pretty much for my needs. I looked at Boxcryptor's site and they have a new thing called Whisply. I don't know, I didn't trust Whisply (it wanted me to sign in to Dropbox). I need to be extra-concerned because I'm not very knowledgeable how computers work. But I'm learning. Appreciate you responding.
 
Old 02-17-2016, 11:30 PM   #11
Gregg Bell
Senior Member
 
Registered: Mar 2014
Location: Illinois
Distribution: Xubuntu
Posts: 1,992

Original Poster
Rep: Reputation: 175Reputation: 175
Quote:
Originally Posted by jamison20000e View Post
+1 for password archives... I just set one with two passwords a .jar in a .zip to keep file titles inside secure.
Foil hat--> <;-D

You do mean this thread about USB?
Thanks jamison. Yes, that was the USB thread I was referring to. And your method sounds simple enough (even for me!). Can you explain how it's done or have a link explaining it?
 
Old 02-17-2016, 11:33 PM   #12
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US( + travel,) Earth( I wish,) END BORDER$!◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that works well on my cheapest; has been KDE or CLI but open... http://goo.gl/NqgqJx &c ;-)
Posts: 4,274
Blog Entries: 3

Rep: Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419
Thumbs up

Should be able to right click and select "compress to..." then pick a format that has a password check-box.

Last edited by jamison20000e; 02-17-2016 at 11:37 PM. Reason: spelling
 
Old 02-17-2016, 11:35 PM   #13
Gregg Bell
Senior Member
 
Registered: Mar 2014
Location: Illinois
Distribution: Xubuntu
Posts: 1,992

Original Poster
Rep: Reputation: 175Reputation: 175
Quote:
Originally Posted by John VV View Post
Gregg Bell

it really comes down to just HOW paranoid you are / need to be

the PI. your soon to be EX hired ?
or the FBI,CIA,NSA,... will toss you in JAIL or worse !!!


for the second ?
there is not much unless you are near PERFECT in the OpSec .
I really have no reason to be paranoid but I am! And yeah, I was reading about the cloud encryption and the various disasters that were potential. Yeah, I'm going to chill on this, I think. And OpSpec? Operational Security? Hmm. I don't think the clouds for me.

I'm going to close this and post a simpler thread. Thanks.
 
Old 02-18-2016, 12:16 AM   #14
Gregg Bell
Senior Member
 
Registered: Mar 2014
Location: Illinois
Distribution: Xubuntu
Posts: 1,992

Original Poster
Rep: Reputation: 175Reputation: 175
Quote:
Originally Posted by jamison20000e View Post
Should be able to right click and select "compress to..." then pick a format that has a password check-box.
Okay, thanks, I saw that. (On mine it's a 2-stage process. I have to right click, choose "create archive" and then there's a dropdown box with the password entry box.) The only extensions that had a password box were: .cbz, .ear, .war and .zip. Is one better than the other? And Is this good encryption? (You always hear about this 256 aes being good.) And I noticed there were some things that when I right-clicked on them I was not given the option to "create archive" (hence no option to encrypt it). I noticed .odt files (which is what I would want mostly to encrypt) and .docx files did not have the "create archives" option. While .doc did. Kind of strange. Know what's up with that? (I suppose I could always put the file in a folder and encrypt it that way.) Thanks.
 
Old 02-18-2016, 12:21 AM   #15
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US( + travel,) Earth( I wish,) END BORDER$!◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that works well on my cheapest; has been KDE or CLI but open... http://goo.gl/NqgqJx &c ;-)
Posts: 4,274
Blog Entries: 3

Rep: Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419
.zip seems most popular and probably compresses best if that matters?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Non-system partition encryption versus container-file encryption of equal size Ulysses_ Linux - Security 13 07-17-2015 07:38 PM
new gpg encryption/signing frontend -- looking for name suggestions ryran Linux - General 13 01-27-2012 02:09 PM
Linux password encryption and data encryption Tux-Slack Programming 4 06-20-2007 06:46 AM
Mandrake 9.0 Wireless Works without encryption.. does not with encryption topcat Linux - Wireless Networking 3 05-04-2003 08:47 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 10:43 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration